vineri, 3 mai 2013
Adobe to Fix PDF Information Leakage Issue on May 14
A few days ago, researchers from security firm McAfee reported uncovering a PDF usage tracking issue in Adobe Reader. The flaw can be leveraged by an attacker to track when and where PDF documents are opened.
Adobe says it’s aware of the issue, which it catalogues as being of “low severity.”
“A user’s IP address and timestamp could be exposed when opening a specially crafted PDF and then clicking a URL within the document,” Adobe’s PSIRT wrote in a blog post.
The company says it will address this bug in both Reader and Acrobat with the next scheduled release, on May 14.
McAfee experts have admitted that the vulnerability is not critical, but they have warned that it could be leveraged in the first phase of sophisticated attacks.